Alerts

Drupal has released a security update to fix a vulnerability that affects multiple versions of Drupal Core. The addressed vulnerability could allow the remote attacker to obtain sensitive information from the affected products by sending specially crafted requests. This vulnerability only affects sites with the JSON: API module enabled and can be mitigated by uninstalling […]

MOVEit Transfer has released security updates to address multiple vulnerabilities in multiple versions of Progress MOVEit Transfer. The addressed vulnerabilities could allow the remote attacker to perform either cross-site scripting attack by sending specially crafted URLs, or SQL injection attack to view, add, modify, or delete information in the back-end database on the affected system.

Apple has released security updates to address three zero-day vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, elevate the privilege, and bypass security restrictions on the affected products by persuading the victim to open a specially crafted web content or application. Sample of the addressed vulnerabilities: 1. Apple Safari

SolarWinds has released security updates to fix multiple vulnerabilities in the SolarWinds Platform 2023.3 and prior versions. The addressed vulnerabilities could allow the remote attacker to execute arbitrary commands with NETWORK SERVICE privileges on the affected system. The addressed vulnerabilities: 1. SolarWinds Platform Command Execution Vulnerability (CVE-2023-23840): CVSS: 6.8 Attack Vector: Adjacent Network Attack Complexity:

Atlassian has released security updates to address several vulnerabilities across multiple products. The addressed vulnerabilities could allow the remote attacker to gain access, execute arbitrary code, or trigger a denial of service attack on the affected products. Sample of the addressed vulnerabilities: 1. Atlassian Bitbucket Server, Data Center Code Execution (CVE-2023-22513): CVSS: 8.5 Attack Vector:

Fortinet has released security updates to fix several vulnerabilities across multiple products. The addressed vulnerabilities could allow the attacker to gain access, obtain sensitive information, or manipulate files on the affected products. Sample of the addressed vulnerabilities: 1- Fortinet FortiWeb Code Execution Vulnerability (CVE-2023-34984): CVSS: 7.1 Attack Vector: Network Attack Complexity: High Privileges Required: None

Microsoft Edge has released an updated Microsoft Edge Stable version (117.0.2045.31), and version 109 (109.0.1518.140) to fix a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to exploit it through a malicious WebP image, when the victim opens the compromised image it could trigger a heap buffer overflow within the content process, potentially

Fortinet has released security updates to fix several vulnerabilities in FortiProxy, FortiADC, and FortiOS. The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, or gain access to the affected products and inject malicious script into the webpage to steal the victim’s cookie-based authentication credentials. The addressed vulnerabilities: 1. FortiADC – Command Injection

Apache has released a security update to address a vulnerability in Apache Tomcat Connectors. The addressed vulnerability could allow the remote attacker to obtain sensitive information caused by a flaw in the mod_jk component by sending a specially crafted HTTP request. Apache Tomcat Connectors Information Disclosure (CVE-2023-41081): CVSS: 7.5 Attack Vector: Network Attack Complexity: Low

Cisco has released security updates to fix multiple vulnerabilities in Cisco IOS XR Software. The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary code, perform denial of service attacks, or bypass security restrictions on the affected products. Sample of the addressed vulnerabilities: 1. Cisco IOS XR Code Execution Vulnerability (CVE-2023-20236): CVSS: 6.7

Palo Alto has released security updates to address vulnerabilities affecting PAN-OS and Cortex XDR Agent. The addressed vulnerabilities could allow the attacker to cause denial of serviceattacks on the affected products, or allow the local user to disable the Cortex XDRagent on the vulnerable Windows devices. The addressed vulnerabilities: 1. PAN-OS: Denial-of-Service Vulnerability in BGP

Google has released an updated Chrome version (117.0.5938.62/.63) for Windows, (117.0.5938.62) for Linux, and Mac and (109.0.5414.165) for Windows Server 2012, and Windows Server 2012 R2 only to fix several vulnerabilities. The addressed vulnerabilities could allow the remote attacker to execute arbitrary code, bypass security restrictions, and gain access to the affected system by persuading

Mozilla has released an updated Firefox version 117.0.1, Firefox ESR versions 115.2.1, and 102.15.1 to fix a zero-day vulnerability exploited in the wild. The addressed vulnerability could allow the remote attacker to exploit it through a malicious WebP image, when the victim opens the compromised image it could trigger a heap buffer overflow within the

Adobe has released security updates to address multiple vulnerabilities in Adobe Acrobat and Reader, Adobe Connect, and Adobe Experience Manager. The addressed vulnerabilities could allow the attacker to steal the victim’s cookiebased authentication credentials or execute arbitrary code and gain access to the affected system. Sample of the addressed vulnerabilities: 1. Adobe Acrobat and Adobe

Zoom has released security updates to fix vulnerabilities in Zoom CleanZoom, Zoom clients, and Zoom Desktop Client for Windows and Linux. The addressed vulnerabilities could allow the attacker to perform denial of service attacks, or gain elevated privileges on the affected systems. Sample of the addressed vulnerabilities: 1. Zoom CleanZoom Privilege Escalation Vulnerability (CVE-2023-39201): CVSS:

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed two actively exploited zero-day vulnerabilities. September’s Patch Tuesday was released to fix security flaws in several Microsoft products such as .NET Framework, 3D Builder, Windows Server 2012, Windows RT 8.1, Windows 10 x64, Microsoft Exchange Server, Microsoft Azure,

Google has released an updated Chrome version (116.0.5845.187/188) for Windows, and (116.0.5845.187) for Linux, and Mac to fix a zero-day vulnerability. The addressed vulnerability could allow the remote attacker to overflow the buffer and execute arbitrary code by persuading the victim to visit a specially craftedwebsite. Google Chrome Buffer Overflow Vulnerability (CVE-2023-4863): CVSS: 8.8 Attack

Cisco has released a security warning to mitigate a zero-day vulnerability across Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD). The addressed zero-day vulnerability is located within the web services interface of the Cisco ASA and Cisco FTD devices, specifically the functions that deal with authentication, authorization, and accounting (AAA) functions. This